/*
 * Copyright (c) 2013 WDCY Information Technology Co. Ltd
 * www.wdcy.cc
 * All rights reserved.
 *
 * This software is the confidential and proprietary information of
 * WDCY Information Technology Co. Ltd ("Confidential Information").
 * You shall not disclose such Confidential Information and shall use
 * it only in accordance with the terms of the license agreement you
 * entered into with WDCY Information Technology Co. Ltd.
 */
package com.monkey.web.shiro.web.filter.authz;

import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;

/**
 * @author Wu Tianqiang
 */
public class AppPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {

//    private MultiValueMap<String, String> uriPermissionMap = new LinkedMultiValueMap<>();
//    private Set<String> uris = new HashSet<>();
//
//    private PathMatcher pathMatcher = new AntPathMatcher();
//
//    @Autowired
//    private URIPermissionService uriPermissionService;
//    @Autowired
//    private MenuService menuService;
//
//    @PostConstruct
//    private void initial() {
//        List<URIPermission> uriPermissions = uriPermissionService.findAll();
//        initUriPermissionMapAndUriSet(uriPermissions);
//    }
//
//    private void initUriPermissionMapAndUriSet(List<URIPermission> uriPermissions) {
//        for (URIPermission uriPermission : uriPermissions) {
//            String uri = uriPermission.getUri();
//            uris.add(uri);
//
//            String key = loadKey(uri, uriPermission.getMethod().toString());
//            String permission = loadPermission(uriPermission);
//            uriPermissionMap.add(key, permission);
//        }
//    }
//
//    private String loadPermission(URIPermission uriPermission) {
//        Menu menu = uriPermission.getMenu();
//        String actualResourceIdentity = menuService.findActualMenuIdentity(menu);
//
//        String permission = uriPermission.getPermission().getPermission();
//        return actualResourceIdentity + Permission.PART_DIVIDER_TOKEN + permission;
//    }
//
//    private String loadKey(String uri, String method) {
//        return uri + "-" + method;
//    }
//
//
//    @Override
//    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
//        HttpServletRequest httpServletRequest = WebUtils.toHttp(request);
//
//        String uri = loadURIPath(httpServletRequest);
//        if (MonkeyUtils.isEmpty(uri)) {
//            return true;
//        }
//        String method = httpServletRequest.getMethod();
//        String key = loadKey(uri, method);
//
//
//        List<String> permissions = uriPermissionMap.get(key);
//        boolean isPermitted = true;
//        if (MonkeyUtils.isNotEmpty(permissions)) {
//            Subject subject = SecurityUtils.getSubject();
//            if (permissions.size() == 1) {
//                if (!subject.isPermitted(permissions.get(0))) {
//                    notAccessPermission(response);
//                    isPermitted = false;
//                }
//            } else {
//                if (!subject.isPermittedAll((String[]) permissions.toArray())) {
//                    notAccessPermission(response);
//                    isPermitted = false;
//                }
//            }
//        }
//        return isPermitted;
//    }
//
//
//    private String loadURIPath(HttpServletRequest request) {
//        for (String uri : uris) {
//            if (pathMatcher.match(uri, request.getRequestURI())) {
//                return uri;
//            }
//        }
//        return null;
//    }
//
//
//    private void notAccessPermission(ServletResponse response) {
//        MonkeyResponseDto responseDto = new MonkeyResponseDto();
//        responseDto.fail(ResponseCode.NOT_ACCESS_PERMISSION, "用户权限不够");
//        com.monkey.utils.WebUtils.writeJSON(response, responseDto);
//    }

}